mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-11-07 04:09:21 +00:00
eed7bf427c
kgsl_cmdbatch_destroy() tries to cancel all pending sync events by taking a local copy of the pending list. In case of a sync point timestamp event, it goes ahead and accesses the context's events list, assuming that the event's context would be alive. But at the same time, the other context, which is of interest for these sync point events, can be destroyed by cancelling all events in its group. This leads to a use-after-free in the kgsl_cmdbatch_destroy() path.

The fix is to give the responsibility of putting the context's ref count to the thread which clears the pending mask.

Change-Id: I8d08ef6ddb38ca917f75088071c04727bced11d2
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>

drm
host1x
msm
vga
Makefile